Connect to Reveal(x) 360 from self-managed sensors
This guide provides instructions for connecting Reveal(x) 360 to the self-managed sensors and packetstores that are deployed on-premises or in AWS, Azure, and Google Cloud Platform (GCP) cloud service providers.
Before you begin
- You must have a user account with System Administration or System and Access Administration privileges to configure Reveal(x) 360. See the Reveal(x) 360 Setup and Administration Guide to learn how to configure Reveal(x) 360 and create users before completing the steps in this guide.
- You must have a user account with system and access administration privileges on your sensors and packetstores.
- Your sensor and packetstore firmware should be the same firmware version as Reveal(x) 360.
- Your sensor and packetstores must be connected to ExtraHop Cloud Services before connecting to Reveal(x) 360. For more information, see Connect to ExtraHop Cloud Services.
- You should configure network traffic forwarding to your sensors after the sensors are connected to Reveal(x) 360.
- If you have a firewall, all traffic must be permitted outbound to TCP 443 to connect to ExtraHop Cloud Services and the ExtraHop Cloud Recordstore. For more information, see Configure your firewall rules.
Note: | For ExtraHop-managed sensors, see Deploy Reveal(x) 360 sensors for AWS. |
Video: | See the related training: Connect to the Reveal(x) 360 Console |
Sensor sizing
When deploying self-managed sensors, consider the following sizing guidelines for allocating vCPUs and memory.
Guidelines
Deployment | Number of vCPUs | RAM (GB) |
---|---|---|
≤25 sensors AND ≤100K devices receiving Standard or Advanced Analysis | 4 | 8 |
≤50 sensors AND ≤200K devices receiving Standard or Advanced Analysis | 8 | 16 |
≤100 sensors AND ≤400K devices receiving Standard or Advanced Analysis | 16 | 32 |
≤100 sensors AND ≤800K devices receiving Standard or Advanced Analysis | 32 | 64 |
>100 sensors OR >800K devices receiving Standard or Advanced Analysis | Contact your ExtraHop sales representative | Contact your ExtraHop sales representative |
Examples
- If you have 26 sensors and 5K devices receiving Standard or Advanced Analysis, configure the sensor deployment with 8 vCPUs, because this is greater than 25 sensors.
- If you have 7 sensors and 500K devices receiving Standard or Advanced Analysis, configure the sensor deployment with 32 vCPUs, because this is greater than 400K devices, but less than 800K devices.
- If you have 10 sensors and 1M devices receiving Standard or Advanced Analysis, contact your ExtraHop sales representative, because this is greater than 800K devices.
Connect your sensor
- Log in to the Administration settings on your self-managed sensor through https://<extrahop-hostname-or-IP-address>/admin.
- In the Console Settings section, click Connect Console.
- Click Connect Console.
- Paste the token you generated from the Reveal(x) 360 Console into the Generated Token field.
- Type a name into the Sensor Nickname field to identify this sensor in the Reveal(x) 360 Console.
- Click Connect.
Connect your packetstore
- Log in to your self-managed packetstore through https://<extrahop-hostname-or-IP-address>/admin.
- In the Packetstore Cluster Settings section, click Connect to Reveal(x) 360.
- Paste the token you generated from the Reveal(x) 360 Console into the Generated Token field.
- Type a name into the Packetstore Nickname field to identify this appliance in the Reveal(x) 360 Console.
- Click Connect.
Connect sensors to your Trace appliance
You must establish a connection from all of your sensors to your packetstores before you can query for packets.
Test the configuration
Verify that you can view traffic from your connected sensors on the Reveal(x) 360 Console.
Learn more about Reveal(x) 360
After traffic data appears, you can begin exploring Reveal(x) 360. Check out our documentation website, which includes general concepts, how-to guides, and walkthroughs. For example, you can learn how to create a dashboard or activity map, prioritize the devices on your network for advanced analysis, and investigate security detections.
Thank you for your feedback. Can we contact you to ask follow up questions?